Re: [ga] CEOs and Directors Need to Tackle Cyber SecurityThreats

["Jeffrey A. Williams" <jwkckid1@xxxxxxxxxxxxx>]

JFC and all,

  Agreed that CEO's need to emphasize DNS security, which I have
been calling for for several years now from ICANN.  The IETF has
done a good job with DNSSEC, but not so good with IPv6 in respect
to security.  Yet ICANN's RAA contracts with Registries remarkably
does not include any requirement for DNSSEC and no migration
path to IPv6, yet IPv6 is ICANN's stated direction.  Although I
have not been a great supporter of IPv6 for many and obvious security
holes in respect to same, improving overall internet security at a basic
level is greatly needed and has been for over six years now and has
been articulated repeatedly to ICANN by myself and many others
repeatedly, with little to no consideration from ICANN.  This is
attitude and display of same, not exceptable and endangering to
users, registrants, and emerchants.

Regards,

Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 277k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is very
often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability
depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div.
of Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402 E-Mail
jwkckid1@xxxxxxxxxxxxx
My Phone: 214-244-4827

JFC Morfin wrote:

> It too bad that this reports highlights the ICANN's role in
> "coordinating" addresses without explaining the share of ICANN in the
> Non-Secured Internet Environment (NSIE). How will we fix the problem
> if we do not identify it properly?
>
> Security could result from :
> 1) better organisation of the IP addressing with national and
> corporate security in mind
> 2) speeding permitting the IPv6 deployment (hampered by the PI problem)
> 3) using addressing to spur new networking R&D
> 4) including addressing impact in the ICP-3 non-implemented test-bed
> 5) involving @large reps in ASO [why is the GA restricted to the GNSO only?]
> just to quote a few addressing related issues.
>
> ICANN which now claims to control the IANA's content, should also be
> clearer in its specs to IETF and represent the users there (when was
> the last ALAC letter to the IAB/IETF about users needs and
> requirements). ICANN for example should develop an information
> campaign on the security risks introduced by its IDN deployment and
> the current discussions at private level of a few engineers on the
> revision of IDNA RFCs, in particular due to some of its phishing and
> security related issues.
>
> I observe that we are more and more in a confusion-up rather than in
> a clarity-down form of thinking. It seems that the best solution for
> a CEO is now to spend coporate money in buying guns than in paying
> taxes for the police and to build a secure national network system.
> An American culture that our British friends seem to adopt nowadays?
>
> I am not sure this is really what the rest of the world considers as
> a nice democratic globalisation and a true progress?
> jfc
>
> At 12:02 13/12/2007, GNSO.SECRETARIAT@xxxxxxxxxxxxxx wrote:
> >[To: council[at]gnso.icann.org; liaison6c[at]gnso.icann.org]
> >[To: ga[at]gnso.icann.org; announce[at]gnso.icann.org]
> >[To: regional-liaisons[at]icann.org]
> >
> >http://www.icann.org/announcements/announcement-12dec07.htm
> >CEOs and Directors Need to Tackle Cyber Security Threats
> >
> >Report Highlights New Security Environment and Critical Steps for
> >CEOs to Protect their Business
> >
> >12 December 2007
> >
> >Washington, D.C. - CEOs must make cyber security a top priority or
> >their businesses could fall victim to industrial espionage similar
> >to recent cyber attacks on such large companies as Rolls-Royce and
> >Royal Dutch Shell. That's the conclusion the report Cyber Attack: A
> >Risk Management Primer for CEOs and Directors released today by the
> >British-North American Committee (BNAC) and the Atlantic Council of
> >the United States, a U.S. sponsor of the Committee.
> >
> >The one global Internet, for which the Internet Corporation for
> >Assigned Names and Numbers (ICANN) coordinates addresses, makes
> >possible about $2.8 trillion in global e-commerce annually.
> >
> >"As enterprise on the Internet has become more sophisticated, so
> >have cyber criminals," said Dr Paul Twomey, ICANN's President and
> >CEO, and one of the report's main authors. "The message of this
> >report is clear - senior government figures and leaders of
> >corporations need to make cyber-security a personal priority."
> >
> >"Global investors, CEOs and board directors, while measuring risks
> >to the corporate bottom line, will have to know what they are doing
> >to prevent data compromises. CEOs are not IT experts and they don't
> >have to be. This report is a quick comprehensive reference list of
> >things that every chief executive should know and do," said William
> >Mayer, founder of Park Avenue Equity Partners and chairman of the
> >BNAC Cyber Security and Business working group.
> >
> >"We live in a completely different environment wherein people and
> >businesses are dependent on technology and the Internet and while
> >this helps us run are companies better, we need to realize that
> >there are corresponding risks and threats. Cyber security is
> >therefore critical to the success of every enterprise," said
> >Frederick Kempe, Atlantic Council president and CEO and a BNAC
> >member. "It must be an integral part of every CEO and directors
> >thinking and planning."
> >
> >The report calls on CEOs and corporate directors to take actions to
> >protect their businesses and organizations from cyber attacks. It
> >identifies information security threats, and most commonly made
> >mistakes in data security and provides recommendations for business
> >and corporate leaders to manage cyber security risks.
> >
> >"This report is a timely reminder to all organisations - large and
> >small, public and private - of the need keep up with best data
> >security practices. The risks are very real but help is at hand,"
> >said Clive Mather, until recently president and CEO of Shell Canada
> >and a BNAC member.
> >
> >Among its recommendations, the report urges CEOs and directors to:
> >
> >     * Establish a comprehensive information security policy,
> > implemented by senior management;
> >     * Hold a company-wide security audit to expose vulnerabilities
> > and strengths and give a complete picture of an organization's
> > security requirements;
> >     * Underpin a robust security culture with frequent and rigorous
> > testing; and
> >     * Prioritize keeping abreast of changes in security technology
> > and best practices, including through participation in relevant
> > international information security organizations.
> >
> >The report further provides a comprehensible information security
> >checklist of recommendations chief executives and directors must
> >follow to protect their corporations against industry espionage.
> >Endorsed by members of the British-North American Committee, a group
> >of distinguished business, academic, and labor leaders from the
> >United Kingdom, the United States and Canada, the report is
> >available online at
> >http://www.acus.org/docs/071212_Cyber_Attack_Report.pdf [PDF, 1,400].
> >
> >About the British-North American Committee:
> >Launched in 1969, the British-North American Committee (BNAC) is a
> >group of leaders from business, labor, and academia in Canada, the
> >United Kingdom and the United States committed to harmonious,
> >constructive relations among the three countries and their citizens.
> >BNAC is sponsored by three nonprofit research organizations - the
> >British-North American Research Association in London, the Atlantic
> >Council in Washington, and the C.D. Howe Institute in Toronto. Alan
> >R. Griffith, formerly of the Bank of New York, and Sir Paul Judge,
> >chairman of Teachers TV, are, respectively, the North American and
> >British co-chairmen. Professor Thomas H.B. Symons, C.C. is chairman
> >of the Executive Committee.
> >
> >About The Atlantic Council of the United States:
> >Founded in 1961, The Atlantic Council of the United States is an
> >independent, non-partisan organization dedicated to stimulating
> >dialogue and discussion about critical international issues with a
> >view to enriching public debate and promoting consensus on
> >appropriate responses in the Administration, the Congress, the
> >corporate and nonprofit sectors, and the media in the United States
> >and among leaders in Europe, Asia, and the Americas. The Atlantic
> >Council's mission is to promote constructive U.S. leadership in
> >international affairs based on the central role of the Atlantic
> >Community in meeting the global challenges of the twenty-first
> >century. For more information about the Council's work, please visit
> >its website on www.acus.org.
> >
> >--
> >Glen de Saint Géry
> >GNSO Secretariat - ICANN
> >gnso.secretariat[at]gnso.icann.org
> >http://gnso.icann.org
> >